- An attacker can easily download system files by exploiting a directory traversal vulnerability.
- Address: https://www.example.com/example/download.jsp?fileName=../../../../etc/passwd
- Clicking this link downloads the /etc/passwd file.
- To restrict such downloads, add the lines below inside <VirtualHost :443> or <VirtualHost :80>.
File names: httpd.conf and ssl.conf
*************************************************************
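# LoadModule is valid only in the main server config, outside <VirtualHost>
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
# Match any request line that contains "/." (this covers "/../")
RewriteCond %{THE_REQUEST} ^.*/\.
# Answer matching requests with 404 instead of serving them
RewriteRule ^(.*)$ - [R=404]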
*************************************************************
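The RewriteCond above tests the raw request line, which is the same string Apache writes as %r in its access log, so the pattern can be replayed over existing logs to find requests the rule would reject. This is an added example, not part of the original post; the log lines are constructed and the function names are hypothetical.

```python
import re

# Pattern copied from the RewriteCond above; mod_rewrite does an unanchored
# regex search, which re.search reproduces for single-line request strings.
RULE = re.compile(r"^.*/\.")

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def rule_matches(request_line):
    """True if the rewrite rule would answer this request line with 404."""
    return RULE.search(request_line) is not None

def audit(log_lines):
    """Return parsed log entries whose request line the rule matches."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not in the expected log format
        if rule_matches(m.group("request")):
            entry = m.groupdict()
            # A 200 logged before the rule was deployed means the request was
            # answered, so the response for that entry deserves a closer look.
            entry["answered_200"] = entry["status"] == "200"
            hits.append(entry)
    return hits

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/download.jsp?fileName=report.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /example/download.jsp?fileName=../../../../etc/passwd HTTP/1.1" 200 1843',
    # Side effect of the pattern: any path segment starting with a dot matches.
    '192.0.2.10 - - [01/Jan/2024:10:05:40 +0000] "GET /.well-known/security.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [02/Jan/2024:09:15:03 +0000] "GET /example/download.jsp?fileName=../../../../etc/passwd HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        flag = "REVIEW" if hit["answered_200"] else "not served"
        print(hit["time"], hit["host"], hit["status"], flag, hit["request"])
```

The /.well-known entry shows that the rule also rejects legitimate dot-prefixed paths, so check for such URLs on the site before deploying it.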
Thanks 😊